##############################################################################
# Squid configuration file
##############################################################################

http_port 3128 

# NEED TO BE CUSTOMIZED
cache_mgr <%= email %>
mail_from <%= email %>

visible_hostname <%= visible_hostname %>

cache_mem <%= cache_mem %> MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 524288 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024

#cache_replacement_policy heap LFUDA

memory_replacement_policy lru
cache_dir ufs /var/spool/squid <%= cache_size %> 16 256

httpd_suppress_version_string on
forwarded_for on
icp_port 0

logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st Host:"%{Host}>h" ref:"%{Referer}>h" ua:"%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
coredump_dir /var/spool/squid

debug_options ALL,1

mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid

check_hostnames on
hosts_file /etc/hosts

# ACLs to define what is allowed and what is not
acl all src 0.0.0.0/0.0.0.0 
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 443		# https
acl Safe_ports port 3128
acl Safe_ports port 23128		# https
acl FRONTIER dst 192.12.15.9
acl FRONTIER dst 128.142.175.221
acl Safe_ports port 8080
acl FRONTIER2 dstdomain voatlas43.cern.ch
acl FRONTIER2 dstdomain atlfrontier.pic.es

acl cernvm_cluster dstdomain cernvm.cern.ch rbuilder.cern.ch cernvm-test.cern.ch cernvm-devel.cern.ch cernvm-webfs.cern.ch cernvm.lbl.gov atlas-cernvm.cern.ch electra.lbl.gov

acl CONNECT method CONNECT

# Enforcing of ACLs
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny to_localhost

http_access allow cernvm_cluster
http_access allow CONNECT cernvm_cluster SSL_ports

http_access allow localhost
http_access allow FRONTIER
http_access allow FRONTIER2

http_access deny all
icp_access deny all

acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE

# Routing information to parent caches: everything is forwarded to cernvm-webfs.cern.ch
#cache_peer cernvm-webfs.cern.ch    parent    80  0  no-query no-digest name=cernvm default
#cache_peer_access cernvm allow all
#never_direct allow all

#hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin \?
#cache deny QUERY
#acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache

